

<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
  <meta charset="utf-8" />
  <meta name="generator" content="Docutils 0.19: https://docutils.sourceforge.io/" />

  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  
  <title>Temp URL 操作 &mdash; Ceph Documentation</title>
  

  
  <link rel="stylesheet" href="../../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/graphviz.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/css/custom.css" type="text/css" />

  
  

  
  

  

  
  <!--[if lt IE 9]>
    <script src="../../../_static/js/html5shiv.min.js"></script>
  <![endif]-->
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="../../../" src="../../../_static/documentation_options.js"></script>
        <script src="../../../_static/jquery.js"></script>
        <script src="../../../_static/_sphinx_javascript_frameworks_compat.js"></script>
        <script data-url_root="../../../" id="documentation_options" src="../../../_static/documentation_options.js"></script>
        <script src="../../../_static/doctools.js"></script>
        <script src="../../../_static/sphinx_highlight.js"></script>
    
    <script type="text/javascript" src="../../../_static/js/theme.js"></script>

    
    <link rel="index" title="Index" href="../../../genindex/" />
    <link rel="search" title="Search" href="../../../search/" />
    <link rel="next" title="Tutorial" href="../tutorial/" />
    <link rel="prev" title="对象操作" href="../objectops/" /> 
</head>

<body class="wy-body-for-nav">

   
  <header class="top-bar">
    <div role="navigation" aria-label="Page navigation">
  <ul class="wy-breadcrumbs">
      <li><a href="../../../" class="icon icon-home" aria-label="Home"></a></li>
          <li class="breadcrumb-item"><a href="../../">Ceph 对象网关</a></li>
          <li class="breadcrumb-item"><a href="../">Ceph 对象网关 Swift API</a></li>
      <li class="breadcrumb-item active">Temp URL 操作</li>
      <li class="wy-breadcrumbs-aside">
            <a href="../../../_sources/radosgw/swift/tempurl.rst.txt" rel="nofollow"> View page source</a>
      </li>
  </ul>
  <hr/>
</div>
  </header>
  <div class="wy-grid-for-nav">
    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search"  style="background: #eee" >
          

          
            <a href="../../../" class="icon icon-home"> Ceph
          

          
          </a>

          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../../../search/" method="get">
    <input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        
        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
              
            
            
              <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../../start/">Ceph 简介</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../install/">安装 Ceph</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../cephadm/">Cephadm</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../rados/">Ceph 存储集群</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../cephfs/">Ceph 文件系统</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../rbd/">Ceph 块设备</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../../">Ceph 对象网关</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../frontends/">HTTP 前端</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../multisite/">多站配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../zone-features/">域的功能</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../placement/">存储池归置与存储类</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../multisite-sync-policy/">多站同步策略配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../pools/">存储池的配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../config-ref/">配置参考</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../admin/">管理指南</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../account/">用户账户</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../s3/">S3 API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../iam/">IAM API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../rgw-cache/">数据缓存和 CDN</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../">Swift API</a><ul class="current">
<li class="toctree-l3 current"><a class="reference internal" href="../#api">API</a><ul class="current">
<li class="toctree-l4"><a class="reference internal" href="../auth/">认证</a></li>
<li class="toctree-l4"><a class="reference internal" href="../serviceops/">服务操作</a></li>
<li class="toctree-l4"><a class="reference internal" href="../containerops/">容器操作</a></li>
<li class="toctree-l4"><a class="reference internal" href="../objectops/">对象操作</a></li>
<li class="toctree-l4 current"><a class="current reference internal" href="#">临时 URL 操作</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tutorial/">指导手册</a></li>
<li class="toctree-l4"><a class="reference internal" href="../java/">Java</a></li>
<li class="toctree-l4"><a class="reference internal" href="../python/">Python</a></li>
<li class="toctree-l4"><a class="reference internal" href="../ruby/">Ruby</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../#id1">功能支持</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../adminops/">管理操作 API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../api/">Python 接口</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../nfs/">通过 NFS 导出</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../keystone/">与 OpenStack Keystone 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../barbican/">与 OpenStack Barbican 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../vault/">与 HashiCorp Vault 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../kmip/">与 KMIP 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../opa/">与 Open Policy Agent 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../multitenancy/">多租户</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../compression/">压缩</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../ldap-auth/">LDAP 认证</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../encryption/">服务器端加密</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../bucketpolicy/">桶策略</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../dynamicresharding/">动态的桶索引重分片</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../mfa/">多因子认证</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../sync-modules/">同步模块</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../notifications/">Bucket Notifications</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../layout/">RADOS 中的数据布局</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../STS/">STS</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../STSLite/">STS Lite</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../keycloak/">Keycloak</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../session-tags/">Session Tags</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../role/">Role</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../orphans/">Orphan List and Associated Tooliing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../oidc/">OpenID Connect Provider</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../troubleshooting/">故障排除</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../man/8/radosgw/">radosgw 手册页</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../man/8/radosgw-admin/">radosgw-admin 手册页</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../qat-accel/">使用 QAT 为加密和压缩提速</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../s3select/">S3-select</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../lua-scripting/">Lua Scripting</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../d3n_datacache/">D3N Data Cache</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../cloud-transition/">Cloud Transition</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../metrics/">Metrics</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../uadk-accel/">UADK Acceleration for Compression</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../bucket_logging/">桶的日志记录</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../../mgr/">Ceph 管理器守护进程</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../mgr/dashboard/">Ceph 仪表盘</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../monitoring/">监控概览</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../api/">API 文档</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../architecture/">体系结构</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../dev/developer_guide/">开发者指南</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../dev/internals/">Ceph 内幕</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../governance/">项目管理</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../foundation/">Ceph 基金会</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../ceph-volume/">ceph-volume</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../releases/general/">Ceph 版本（总目录）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../releases/">Ceph 版本（索引）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../security/">Security</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../hardware-monitoring/">硬件监控</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../glossary/">Ceph 术语</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../jaegertracing/">Tracing</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../translation_cn/">中文版翻译资源</a></li>
</ul>

            
          
        </div>
        
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../../../">Ceph</a>
        
      </nav>


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
<div id="dev-warning" class="admonition note">
  <p class="first admonition-title">Notice</p>
  <p class="last">This document is for a development version of Ceph.</p>
</div>
  <div id="docubetter" align="right" style="padding: 5px; font-weight: bold;">
    <a href="https://pad.ceph.com/p/Report_Documentation_Bugs">Report a Documentation Bug</a>
  </div>

  
  <section id="temp-url">
<h1>Temp URL 操作<a class="headerlink" href="#temp-url" title="Permalink to this heading"></a></h1>
<p>为做到无需共享凭据也能临时允许访问（比如用于 <cite>GET</cite> 请求）对象，
radosgw 末端的 swift 也支持临时 URL 功能。要用此功能，需设置 <cite>X-Account-Meta-Temp-URL-Key</cite> 或可选项
<cite>X-Account-Meta-Temp-URL-Key-2</cite> 的初始值。 Temp URL 功能需要这些密钥的 HMAC-SHA1 签名。</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>If you are planning to expose Temp URL functionality for the
Swift API, it is strongly recommended to include the Swift
account name in the endpoint definition, so as to most
closely emulate the behavior of native OpenStack Swift. To
do so, set the <code class="docutils literal notranslate"><span class="pre">ceph.conf</span></code> configuration option <code class="docutils literal notranslate"><span class="pre">rgw</span>
<span class="pre">swift</span> <span class="pre">account</span> <span class="pre">in</span> <span class="pre">url</span> <span class="pre">=</span> <span class="pre">true</span></code>, and update your Keystone
endpoint to the URL suffix <code class="docutils literal notranslate"><span class="pre">/v1/AUTH_%(tenant_id)s</span></code>
(instead of just <code class="docutils literal notranslate"><span class="pre">/v1</span></code>).</p>
</div>
<section id="post-temp-url">
<h2>POST Temp-URL 密钥<a class="headerlink" href="#post-temp-url" title="Permalink to this heading"></a></h2>
<p>向 swift 帐户发送一个带有所需 Key 的 <code class="docutils literal notranslate"><span class="pre">POST</span></code> 请求，就能给此帐户设置临时 URL 私钥，这样就可向其他帐户提供临时 URL 访问了。最多支持两个密钥，两个密钥的签名都要检查，如果没问题，密钥就可以继续使用、临时 URL 也不会失效。</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Native OpenStack Swift also supports the option to set
temporary URL keys at the container level, issuing a
<code class="docutils literal notranslate"><span class="pre">POST</span></code> or <code class="docutils literal notranslate"><span class="pre">PUT</span></code> request against a container that sets
<code class="docutils literal notranslate"><span class="pre">X-Container-Meta-Temp-URL-Key</span></code> or
<code class="docutils literal notranslate"><span class="pre">X-Container-Meta-Temp-URL-Key-2</span></code>. This functionality is
not supported in radosgw; temporary URL keys can only be set
and used at the account level.</p>
</div>
<section id="id1">
<h3>语法<a class="headerlink" href="#id1" title="Permalink to this heading"></a></h3>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">POST</span> <span class="o">/</span><span class="p">{</span><span class="n">api</span> <span class="n">version</span><span class="p">}</span><span class="o">/</span><span class="p">{</span><span class="n">account</span><span class="p">}</span> <span class="n">HTTP</span><span class="o">/</span><span class="mf">1.1</span>
<span class="n">Host</span><span class="p">:</span> <span class="p">{</span><span class="n">fqdn</span><span class="p">}</span>
<span class="n">X</span><span class="o">-</span><span class="n">Auth</span><span class="o">-</span><span class="n">Token</span><span class="p">:</span> <span class="p">{</span><span class="n">auth</span><span class="o">-</span><span class="n">token</span><span class="p">}</span>
</pre></div>
</div>
</section>
<section id="id2">
<h3>请求头<a class="headerlink" href="#id2" title="Permalink to this heading"></a></h3>
<p><code class="docutils literal notranslate"><span class="pre">X-Account-Meta-Temp-URL-Key</span></code></p>
<dl class="field-list simple">
<dt class="field-odd">描述<span class="colon">:</span></dt>
<dd class="field-odd"><p>用户定义的密钥，可以是任意字符串。</p>
</dd>
<dt class="field-even">类型<span class="colon">:</span></dt>
<dd class="field-even"><p>String</p>
</dd>
<dt class="field-odd">是否必需<span class="colon">:</span></dt>
<dd class="field-odd"><p>Yes</p>
</dd>
</dl>
<p><code class="docutils literal notranslate"><span class="pre">X-Account-Meta-Temp-URL-Key-2</span></code></p>
<dl class="field-list simple">
<dt class="field-odd">描述<span class="colon">:</span></dt>
<dd class="field-odd"><p>用户定义的密钥，可以是任意字符串。</p>
</dd>
<dt class="field-even">类型<span class="colon">:</span></dt>
<dd class="field-even"><p>String</p>
</dd>
<dt class="field-odd">是否必需<span class="colon">:</span></dt>
<dd class="field-odd"><p>No</p>
</dd>
</dl>
</section>
</section>
<section id="id3">
<h2>获取 Temp-URL 对象<a class="headerlink" href="#id3" title="Permalink to this heading"></a></h2>
<p>临时 URL 用密码学 HMAC-SHA1 签名，它包含下列要素：</p>
<ol class="arabic simple">
<li><p>请求方法的值，如 “GET”</p></li>
<li><p>过期时间，格式为纪元以来的秒数，即 Unix 时间</p></li>
<li><p>从 “v1” 起的请求路径</p></li>
</ol>
<p>上述条目将用新行格式化，并用之前上传的临时 URL 密钥通过 SHA-1
哈希算法生成一个 HMAC 。</p>
<p>下面的 Python 脚本演示了上述过程：</p>
<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">hmac</span>
<span class="kn">from</span> <span class="nn">hashlib</span> <span class="kn">import</span> <span class="n">sha1</span>
<span class="kn">from</span> <span class="nn">time</span> <span class="kn">import</span> <span class="n">time</span>

<span class="n">method</span> <span class="o">=</span> <span class="s1">&#39;GET&#39;</span>
<span class="n">host</span> <span class="o">=</span> <span class="s1">&#39;https://objectstore.example.com/swift&#39;</span>
<span class="n">duration_in_seconds</span> <span class="o">=</span> <span class="mi">300</span>  <span class="c1"># Duration for which the url is valid</span>
<span class="n">expires</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">time</span><span class="p">()</span> <span class="o">+</span> <span class="n">duration_in_seconds</span><span class="p">)</span>
<span class="n">path</span> <span class="o">=</span> <span class="s1">&#39;/v1/your-bucket/your-object&#39;</span>
<span class="n">key</span> <span class="o">=</span> <span class="s1">&#39;secret&#39;</span>
<span class="n">hmac_body</span> <span class="o">=</span> <span class="s1">&#39;</span><span class="si">%s</span><span class="se">\n</span><span class="si">%s</span><span class="se">\n</span><span class="si">%s</span><span class="s1">&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">method</span><span class="p">,</span> <span class="n">expires</span><span class="p">,</span> <span class="n">path</span><span class="p">)</span>
<span class="n">sig</span> <span class="o">=</span> <span class="n">hmac</span><span class="o">.</span><span class="n">new</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">hmac_body</span><span class="p">,</span> <span class="n">sha1</span><span class="p">)</span><span class="o">.</span><span class="n">hexdigest</span><span class="p">()</span>
<span class="n">rest_uri</span> <span class="o">=</span> <span class="s2">&quot;</span><span class="si">{host}{path}</span><span class="s2">?temp_url_sig=</span><span class="si">{sig}</span><span class="s2">&amp;temp_url_expires=</span><span class="si">{expires}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span>
        <span class="n">host</span><span class="o">=</span><span class="n">host</span><span class="p">,</span> <span class="n">path</span><span class="o">=</span><span class="n">path</span><span class="p">,</span> <span class="n">sig</span><span class="o">=</span><span class="n">sig</span><span class="p">,</span> <span class="n">expires</span><span class="o">=</span><span class="n">expires</span><span class="p">)</span>
<span class="nb">print</span><span class="p">(</span><span class="n">rest_uri</span><span class="p">)</span>

<span class="c1"># Example Output</span>
<span class="c1"># https://objectstore.example.com/swift/v1/your-bucket/your-object?temp_url_sig=ff4657876227fc6025f04fcf1e82818266d022c6&amp;temp_url_expires=1423200992</span>
</pre></div>
</div>
</section>
</section>



<div id="support-the-ceph-foundation" class="admonition note">
  <p class="first admonition-title">Brought to you by the Ceph Foundation</p>
  <p class="last">The Ceph Documentation is a community resource funded and hosted by the non-profit <a href="https://ceph.io/en/foundation/">Ceph Foundation</a>. If you would like to support this and our other efforts, please consider <a href="https://ceph.io/en/foundation/join/">joining now</a>.</p>
</div>


           </div>
           
          </div>
          <footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
        <a href="../objectops/" class="btn btn-neutral float-left" title="对象操作" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
        <a href="../tutorial/" class="btn btn-neutral float-right" title="Tutorial" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
    </div>

  <hr/>

  <div role="contentinfo">
    <p>&#169; Copyright 2016, Ceph authors and contributors. Licensed under Creative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0).</p>
  </div>

   

</footer>
        </div>
      </div>

    </section>

  </div>
  

  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>

  
  
    
   

</body>
</html>